SB2021081250 - Multiple vulnerabilities in TensorFlow
Published: August 12, 2021 Updated: May 4, 2026
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 32 vulnerabilities.
1) Input validation error (CVE-ID: CVE-2021-37666)
The vulnerability allows a local user to cause undefined behavior.
The vulnerability exists due to improper input validation in tf.raw_ops.RaggedTensorToVariant when processing an empty rt_nested_splits argument. A local user can supply crafted input to cause undefined behavior.
2) Input validation error (CVE-ID: CVE-2021-37665)
The vulnerability allows a remote attacker to cause a denial of service or disclose sensitive information.
The vulnerability exists due to improper input validation in MKL requantization operations when parsing crafted tensor inputs. A remote attacker can supply malformed input tensors to cause a denial of service or disclose sensitive information.
The issue affects the MKL implementations of RequantizationRangePerChannel and MklRequantizePerChannelOp.
3) Out-of-bounds read (CVE-ID: CVE-2021-37663)
The vulnerability allows a local user to cause a denial of service or disclose sensitive information.
The vulnerability exists due to out-of-bounds read in tf.raw_ops.QuantizeV2 when parsing crafted min_range, max_range, and axis inputs. A local user can supply inconsistent tensor arguments to cause a denial of service or disclose sensitive information.
The issue can also trigger undefined behavior by binding a reference to a null pointer.
4) Out-of-bounds read (CVE-ID: CVE-2021-37664)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in BoostedTreesSparseCalculateBestFeatureSplit when processing specially crafted illegal arguments. A remote attacker can send specially crafted illegal arguments to disclose sensitive information.
5) Input validation error (CVE-ID: CVE-2021-37662)
The vulnerability allows a local user to cause undefined behavior.
The vulnerability exists due to improper input validation in BoostedTreesCalculateBestGainsPerFeature and BoostedTreesCalculateBestFeatureSplitV2 when parsing crafted input values. A local user can invoke the affected operations with specially crafted arguments to cause undefined behavior.
6) Input validation error (CVE-ID: CVE-2021-37661)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in boosted_trees_create_quantile_stream_resource when processing negative num_streams arguments. A local user can supply a negative num_streams value to cause a denial of service.
The issue is triggered by an integer conversion from a negative signed value to a large unsigned value during memory reservation.
7) Input validation error (CVE-ID: CVE-2021-37660)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in inplace operations when processing crafted arguments that result in a division by 0. A remote attacker can call an inplace operation with crafted arguments to cause a denial of service.
8) Out-of-bounds read (CVE-ID: CVE-2021-37659)
The vulnerability allows a remote attacker to cause undefined behavior.
The vulnerability exists due to an out-of-bounds read in binary cwise operations in tensorflow/core/kernels/cwise_ops_common.h when processing inputs with mismatched element counts in operations that do not require broadcasting. A remote attacker can supply crafted input tensors to cause undefined behavior.
This affects binary cwise operations that assume both inputs have exactly the same number of elements, including gradients of binary cwise operations.
9) Input validation error (CVE-ID: CVE-2021-37658)
The vulnerability allows a remote attacker to cause undefined behavior.
The vulnerability exists due to improper input validation in MatrixSetDiagV* ops when processing a crafted empty k tensor. A remote attacker can send crafted input to trigger reference binding to a null pointer and cause undefined behavior.
10) Input validation error (CVE-ID: CVE-2021-37657)
The vulnerability allows a remote attacker to cause undefined behavior.
The vulnerability exists due to improper input validation in MatrixDiagV* ops when processing a crafted k tensor. A remote attacker can supply an empty tensor for k to cause undefined behavior.
11) Input validation error (CVE-ID: CVE-2021-37656)
The vulnerability allows a remote attacker to cause undefined behavior.
The vulnerability exists due to improper input validation in tf.raw_ops.RaggedTensorToSparse when processing user-supplied rt_nested_splits values. A remote attacker can supply non-increasing split values to cause undefined behavior.
12) Out-of-bounds read (CVE-ID: CVE-2021-37655)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to out-of-bounds read in tf.raw_ops.ResourceScatterUpdate when processing invalid arguments with mismatched indices and updates shapes. A remote attacker can send crafted input tensors to disclose sensitive information.
13) Out-of-bounds read (CVE-ID: CVE-2021-37654)
The vulnerability allows a remote attacker to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in tf.raw_ops.ResourceGather when processing a user-supplied batch_dims value. A remote attacker can supply a crafted batch_dims value greater than the input tensor rank to disclose sensitive information.
In debug builds, the issue can manifest as a CHECK failure instead of an out-of-bounds read.
14) Division by zero (CVE-ID: CVE-2021-37653)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to division by zero in tf.raw_ops.ResourceGather when processing crafted input with batch_dims set to 1. A local user can supply a crafted tensor to trigger a crash via a floating point exception to cause a denial of service.
15) Use-after-free (CVE-ID: CVE-2021-37652)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to use-after-free in tf.raw_ops.BoostedTreesCreateEnsemble when processing specially crafted arguments. A local user can supply specially crafted arguments to cause a denial of service.
16) Heap-based buffer overflow (CVE-ID: CVE-2021-37651)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a heap-based buffer overflow in the FractionalAvgPoolGrad implementation when processing crafted input to tf.raw_ops.FractionalAvgPoolGrad. A remote attacker can supply a specially crafted input tensor shape and pooling sequences to cause a denial of service.
The issue is triggered because the implementation does not validate that the input tensor is non-empty before constructing and accessing an empty EigenDoubleMatrixMap.
17) Heap-based buffer overflow (CVE-ID: CVE-2021-37650)
The vulnerability allows a local user to cause a denial of service or execute arbitrary code.
The vulnerability exists due to a heap-based buffer overflow in tf.raw_ops.ExperimentalDatasetToTFRecord and tf.raw_ops.DatasetToTFRecord when processing a dataset containing non-string records. A local user can supply a specially crafted dataset with numeric types to cause a denial of service or execute arbitrary code.
18) NULL pointer dereference (CVE-ID: CVE-2021-37649)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to a null pointer dereference in tf.raw_ops.UncompressElement when processing a Variant tensor that does not contain a CompressedElement. A remote attacker can supply crafted input to trigger a null pointer dereference and cause a denial of service.
19) Input validation error (CVE-ID: CVE-2021-37648)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in the tf.raw_ops.SaveV2 operation when processing crafted input arguments. A remote attacker can supply mismatched input arrays to trigger a null pointer dereference and cause a denial of service.
20) NULL pointer dereference (CVE-ID: CVE-2021-37647)
The vulnerability allows a remote user to cause a denial of service.
The vulnerability exists due to a null pointer dereference in tf.raw_ops.SparseTensorSliceDataset when processing invalid sparse tensor arguments. A remote user can supply empty indices or mismatched sparse tensor inputs to cause a denial of service.
21) Integer overflow (CVE-ID: CVE-2021-37646)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to integer overflow in tf.raw_ops.StringNGrams when processing user-supplied ngram_widths values. A remote attacker can supply negative ngram_widths values to trigger excessive memory allocation and cause a denial of service.
22) Integer overflow (CVE-ID: CVE-2021-37645)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to integer overflow in tf.raw_ops.QuantizeAndDequantizeV4Grad when processing a crafted axis value. A local user can supply a negative axis value to trigger excessive memory allocation and cause a denial of service.
23) NULL pointer dereference (CVE-ID: CVE-2021-37643)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to a null pointer dereference in MatrixDiagPartOp when processing an invalid padding_value tensor. A local user can provide an empty padding_value input to cause a denial of service.
All versions of the operation are affected, including MatrixDiagPartV2.
24) Input validation error (CVE-ID: CVE-2021-37644)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to improper input validation in TensorListReserve when processing a user-supplied num_elements argument. A local user can supply a negative element count to cause a denial of service.
The issue causes the runtime to abort the process after attempting to resize a std::vector using a negative number of elements.
25) Out-of-bounds read (CVE-ID: CVE-2021-37641)
The vulnerability allows a local user to disclose sensitive information.
The vulnerability exists due to an out-of-bounds read in the RaggedGather operation when processing invalid ragged tensor arguments. A local user can supply crafted inputs to trigger a read from outside the bounds of heap-allocated buffers to disclose sensitive information.
In debug mode, the same input triggers a CHECK failure.
26) Division by zero (CVE-ID: CVE-2021-37642)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to division by zero in tf.raw_ops.ResourceScatterDiv when processing crafted updates values. A local user can supply an update value of 0 to trigger a crash and cause a denial of service.
27) Division by zero (CVE-ID: CVE-2021-37640)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to division by zero in tf.raw_ops.SparseReshape when processing crafted sparse reshape input. A local user can supply input shapes containing zero-valued dimensions to cause a denial of service.
28) NULL pointer dereference (CVE-ID: CVE-2021-37639)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to null pointer dereference in tf.raw_ops.Restore and tf.raw_ops.RestoreSlice when restoring tensors via raw APIs with an empty tensor_name input. A remote attacker can provide a crafted empty tensor_name value to cause a denial of service.
29) Input validation error (CVE-ID: CVE-2021-37638)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to improper input validation in RaggedTensorToTensor when processing a user-supplied row_partition_types argument. A remote attacker can send a specially crafted request with an empty list to cause a denial of service.
The issue results in a null pointer dereference and undefined behavior.
30) NULL pointer dereference (CVE-ID: CVE-2021-37637)
The vulnerability allows a local attacker to cause a denial of service.
The vulnerability exists due to a null pointer dereference in tf.raw_ops.CompressElement when processing invalid input. A local attacker can pass a crafted input to cause a denial of service.
31) Division by zero (CVE-ID: CVE-2021-37636)
The vulnerability allows a remote attacker to cause a denial of service.
The vulnerability exists due to division by zero in tf.raw_ops.SparseDenseCwiseDiv when processing crafted input tensors. A remote attacker can supply input that causes a zero divisor to trigger a floating point exception and cause a denial of service.
32) Out-of-bounds read (CVE-ID: CVE-2021-37635)
The vulnerability allows a local user to cause a denial of service.
The vulnerability exists due to out-of-bounds read in sparse reduction operations when processing a crafted SparseTensor input. A local user can supply a crafted sparse tensor with invalid indices to cause a denial of service.
Remediation
Install update from vendor's website.
References
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-w4xf-2pqw-5mq7
- https://github.com/tensorflow/tensorflow/commit/be7a4de6adfbd303ce08be4332554dff70362612
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-v82p-hv3v-p6qp
- https://github.com/tensorflow/tensorflow/commit/9e62869465573cb2d9b5053f1fa02a81fce21d69
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-g25h-jr74-qp5j
- https://github.com/tensorflow/tensorflow/commit/6da6620efad397c85493b8f8667b821403516708
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-r4c4-5fpq-56wg
- https://github.com/tensorflow/tensorflow/commit/e84c975313e8e8e38bb2ea118196369c45c51378
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f5cx-5wr3-5qrc
- https://github.com/tensorflow/tensorflow/commit/9c87c32c710d0b5b53dc6fd3bfde4046e1f7a5ad
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gf88-j2mg-cc82
- https://github.com/tensorflow/tensorflow/commit/8a84f7a2b5a2b27ecf88d25bad9ac777cd2f7992
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cm5x-837x-jf3c
- https://github.com/tensorflow/tensorflow/commit/e86605c0a336c088b638da02135ea6f9f6753618
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-q3g3-h9r4-prrc
- https://github.com/tensorflow/tensorflow/commit/93f428fd1768df147171ed674fee1fc5ab8309ec
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6p5r-g9mq-ggh2
- https://github.com/tensorflow/tensorflow/commit/ff8894044dfae5568ecbf2ed514c1a37dc394f1b
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-5xwc-mrhx-5g3m
- https://github.com/tensorflow/tensorflow/commit/f2a673bd34f0d64b8e40a551ac78989d16daad09
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-4xfp-4pfp-89wg
- https://github.com/tensorflow/tensorflow/commit/1071f554dbd09f7e101324d366eec5f4fe5a3ece
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-7fvx-3jfc-2cpc
- https://github.com/tensorflow/tensorflow/commit/01cff3f986259d661103412a20745928c727326f
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-2r8p-fg3c-wcj4
- https://github.com/tensorflow/tensorflow/commit/bc9c546ce7015c57c2f15c168b3d9201de679a1d
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-qjj8-32p7-h289
- https://github.com/tensorflow/tensorflow/commit/ac117ee8a8ea57b73d34665cdf00ef3303bc0b11
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-m7fm-4jfh-jrg6
- https://github.com/tensorflow/tensorflow/commit/5ecec9c6fbdbc6be03295685190a45e7eee726ab
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hpv4-7p9c-mvfr
- https://github.com/tensorflow/tensorflow/commit/0f931751fb20f565c4e94aa6df58d54a003cdb30
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-f8h4-7rgh-q2gm
- https://github.com/tensorflow/tensorflow/commit/e0b6e58c328059829c3eb968136f17aa72b6c876
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-6gv8-p3vj-pxvr
- https://github.com/tensorflow/tensorflow/commit/7bdf50bb4f5c54a4997c379092888546c97c3ebd
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-wp77-4gmm-7cq8
- https://github.com/tensorflow/tensorflow/commit/9728c60e136912a12d99ca56e106b7cce7af5986
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c5x2-p679-95wc
- https://github.com/tensorflow/tensorflow/commit/02cc160e29d20631de3859c6653184e3f876b9d7
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-h6jh-7gv5-28vg
- https://github.com/tensorflow/tensorflow/commit/c283e542a3f422420cfdb332414543b62fc4e4a5
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9w2p-5mgw-p94c
- https://github.com/tensorflow/tensorflow/commit/96f364a1ca3009f98980021c4b32be5fdcca33a1
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-fcwc-p4fc-c5cc
- https://github.com/tensorflow/tensorflow/commit/482da92095c4d48f8784b1f00dda4f81c28d2988
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-27j5-4p9v-pp67
- https://github.com/tensorflow/tensorflow/commit/8a6e874437670045e6c7dc6154c7412b4a2135e2
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-9c8h-vvrj-w2p8
- https://github.com/tensorflow/tensorflow/commit/a2b743f6017d7b97af1fe49087ae15f0ac634373
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-ch4f-829c-v5pw
- https://github.com/tensorflow/tensorflow/commit/4aacb30888638da75023e6601149415b39763d76
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-95xm-g58g-3p88
- https://github.com/tensorflow/tensorflow/commit/4923de56ec94fff7770df259ab7f2288a74feb41
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-gh6x-4whr-2qv4
- https://github.com/tensorflow/tensorflow/commit/9e82dce6e6bd1f36a57e08fa85af213e2b2f2622
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hwr7-8gxx-fj5p
- https://github.com/tensorflow/tensorflow/commit/301ae88b331d37a2a16159b65b255f4f9eb39314
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-c9qf-r67m-p7cg
- https://github.com/tensorflow/tensorflow/commit/5dc7f6981fdaf74c8c5be41f393df705841fb7c5
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-hp4c-x6r7-6555
- https://github.com/tensorflow/tensorflow/commit/d9204be9f49520cdaaeb2541d1dc5187b23f31d9
- https://github.com/tensorflow/tensorflow/security/advisories/GHSA-cgfm-62j4-v4rf
- https://github.com/tensorflow/tensorflow/commit/87158f43f05f2720a374f3e6d22a7aaa3a33f750